rewrite api/posts/delete to be more secure and add unit tests for it
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@769 b3834d28-1941-0410-a4f8-b48e95affb8f
parent
df8216d607
commit
22c9a01ee8
3 changed files with 62 additions and 28 deletions
|
@ -177,6 +177,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
|||
* DOES NOT RESPECT PRIVACY SETTINGS!
|
||||
*
|
||||
* @param string $address URL to get bookmarks for
|
||||
* @param boolean $all Retrieve from all users (true)
|
||||
* or only bookmarks owned by the current
|
||||
* user (false)
|
||||
*
|
||||
* @return mixed Array with bookmark data or false in case
|
||||
* of an error (i.e. not found).
|
||||
|
@ -184,9 +187,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
|||
* @uses getBookmarkByHash()
|
||||
* @see getBookmarkByShortname()
|
||||
*/
|
||||
public function getBookmarkByAddress($address)
|
||||
public function getBookmarkByAddress($address, $all = true)
|
||||
{
|
||||
return $this->getBookmarkByHash($this->getHash($address));
|
||||
return $this->getBookmarkByHash($this->getHash($address), $all);
|
||||
}
|
||||
|
||||
|
||||
|
@ -196,15 +199,18 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
|||
* DOES NOT RESPECT PRIVACY SETTINGS!
|
||||
*
|
||||
* @param string $hash URL hash
|
||||
* @param boolean $all Retrieve from all users (true)
|
||||
* or only bookmarks owned by the current
|
||||
* user (false)
|
||||
*
|
||||
* @return mixed Array with bookmark data or false in case
|
||||
* of an error (i.e. not found).
|
||||
*
|
||||
* @see getHash()
|
||||
*/
|
||||
public function getBookmarkByHash($hash)
|
||||
public function getBookmarkByHash($hash, $all = true)
|
||||
{
|
||||
return $this->_getbookmark('bHash', $hash, true);
|
||||
return $this->_getbookmark('bHash', $hash, $all);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
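Review bot: The "DOES NOT RESPECT PRIVACY SETTINGS!" warning still heads both docblocks, while the new `$all` parameter of `getBookmarkByAddress()` and `getBookmarkByHash()` is easy to misread as a privacy switch; the `@param` text should state the ownership-only meaning explicitly, e.g. `* @param boolean $all true: bookmarks of all users (privacy still ignored); false: only bookmarks owned by the current user — a bookmark owned by someone else is then returned as false, exactly like a missing one`. That second half matters for callers: the documented `false` return no longer distinguishes "not found" from "not yours", so callers should treat both identically. `$all` is forwarded to `_getbookmark()` unchanged, and since `_getbookmark()` is outside this hunk, which user "current user" resolves to cannot be confirmed here; a one-line `@see _getbookmark()` pointing at where the owner filter is applied would help.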
@ -202,8 +202,9 @@ class Api_PostsDeleteTest extends TestBaseApi
|
|||
//send request
|
||||
$res = $req->send();
|
||||
|
||||
//401 - unauthorized
|
||||
$this->assertEquals(401, $res->getStatus());
|
||||
//404 - user does not have that bookmark
|
||||
$this->assertEquals(404, $res->getStatus());
|
||||
|
||||
//verify MIME content type
|
||||
$this->assertEquals(
|
||||
'text/xml; charset=utf-8',
|
||||
|
@ -211,10 +212,10 @@ class Api_PostsDeleteTest extends TestBaseApi
|
|||
);
|
||||
|
||||
//verify xml
|
||||
$this->assertNotTag(
|
||||
$this->assertTag(
|
||||
array(
|
||||
'tag' => 'result',
|
||||
'attributes' => array('code' => 'done')
|
||||
'attributes' => array('code' => 'something went wrong')
|
||||
),
|
||||
$res->getBody(),
|
||||
'', false
|
||||
|
|
|
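Review bot: The assertion under `//404 - user does not have that bookmark` only exercises the not-found path; the ownership filter that this commit adds in delete.php (`getBookmarkByAddress($url, false)`) is only reached when the bookmark exists for a different user, and no case in this section creates that situation. A second test that stores the bookmark under another user, sends the delete request, expects 404 and the same `something went wrong` result code, and then verifies the bookmark still exists would pin the security behaviour rather than the error formatting. The `assertTag(...)` call in the second hunk continues past the hunk end (`'', false` is not its last argument line), so the closing of that call is outside this view.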
@ -1,33 +1,60 @@
|
|||
<?php
|
||||
// Implements the del.icio.us API request to delete a post.
|
||||
|
||||
// del.icio.us behavior:
|
||||
// - returns "done" even if the bookmark doesn't exist;
|
||||
// - does NOT allow the hash for the url parameter;
|
||||
// - doesn't set the Content-Type to text/xml (we do).
|
||||
/**
|
||||
* API for deleting a bookmark.
|
||||
* The delicious API is implemented here.
|
||||
*
|
||||
* The delicious API behaves like that:
|
||||
* - returns "done" even if the bookmark doesn't exist
|
||||
* - we do it correctly
|
||||
* - does NOT allow the hash for the url parameter
|
||||
* - doesn't set the Content-Type to text/xml
|
||||
* - we do it correctly, too
|
||||
*
|
||||
* SemanticScuttle - your social bookmark manager.
|
||||
*
|
||||
* PHP version 5.
|
||||
*
|
||||
* @category Bookmarking
|
||||
* @package SemanticScuttle
|
||||
* @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
|
||||
* @author Christian Weiske <cweiske@cweiske.de>
|
||||
* @author Eric Dane <ericdane@users.sourceforge.net>
|
||||
* @license GPL http://www.gnu.org/licenses/gpl.html
|
||||
* @link http://sourceforge.net/projects/semanticscuttle
|
||||
*/
|
||||
|
||||
// Force HTTP authentication first!
|
||||
$httpContentType = 'text/xml';
|
||||
require_once 'httpauth.inc.php';
|
||||
|
||||
/* Service creation: only useful services are created */
|
||||
$bookmarkservice =SemanticScuttle_Service_Factory::get('Bookmark');
|
||||
$bs = SemanticScuttle_Service_Factory::get('Bookmark');
|
||||
$uId = $userservice->getCurrentUserId();
|
||||
|
||||
|
||||
// Note that del.icio.us only errors out if no URL was passed in; there's no error on attempting
|
||||
// to delete a bookmark you don't have.
|
||||
|
||||
// Error out if there's no address
|
||||
if (is_null($_REQUEST['url'])) {
|
||||
if (!isset($_REQUEST['url'])
|
||||
|| $_REQUEST['url'] == ''
|
||||
) {
|
||||
$deleted = false;
|
||||
} else if (!$bs->bookmarkExists($_REQUEST['url'], $uId)) {
|
||||
//the user does not have such a bookmark
|
||||
// Note that del.icio.us only errors out if no URL was passed in;
|
||||
// there's no error on attempting to delete a bookmark you don't have.
|
||||
// this sucks, and I don't care about being different but correct here.
|
||||
header('HTTP/1.0 404 Not Found');
|
||||
$deleted = false;
|
||||
|
||||
} else {
|
||||
$bookmark = $bookmarkservice->getBookmarkByAddress($_REQUEST['url']);
|
||||
$bid = $bookmark['bId'];
|
||||
$delete = $bookmarkservice->deleteBookmark($bid);
|
||||
$deleted = true;
|
||||
$bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false);
|
||||
$bId = $bookmark['bId'];
|
||||
$deleted = $bs->deleteBookmark($bId);
|
||||
if (!$deleted) {
|
||||
//something really went wrong
|
||||
header('HTTP/1.0 500 Internal Server Error');
|
||||
}
|
||||
}
|
||||
|
||||
// Set up the XML file and output the result.
|
||||
echo '<?xml version="1.0" standalone="yes" ?'.">\r\n";
|
||||
echo '<result code="'. ($deleted ? 'done' : 'something went wrong') .'" />';
|
||||
echo '<?xml version="1.0" standalone="yes" ?' . ">\r\n";
|
||||
echo '<result code="' . ($deleted ? 'done' : 'something went wrong') . '" />';
|
||||
?>
|
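Review bot: In the final `else` branch, `$bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false)` is indexed as `$bookmark['bId']` without checking for the documented `false` return, so if `bookmarkExists($url, $uId)` and the owner-filtered lookup disagree (they are two separate checks, and the bookmark can be deleted between them), `deleteBookmark()` is called with a null id after a notice. Guarding on `=== false` closes that gap and returns the same 404 the earlier check produces; the `bookmarkExists()` call could then be dropped, since one lookup decides both existence and ownership. Two smaller points: the missing-`url` path still answers 200 with `something went wrong`, where a `header('HTTP/1.0 400 Bad Request');` would match the 404/500 handling, and reading `url` from `$_REQUEST` also accepts it from a cookie, so `$_GET`/`$_POST` would be the explicit choice (hedged: the API is presumably GET-driven like del.icio.us).
```php
} else {
    $bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false);
    if ($bookmark === false) {
        // bookmarkExists() and the owner-filtered lookup disagree
        // (e.g. deleted in between): report not found, not a crash.
        header('HTTP/1.0 404 Not Found');
        $deleted = false;
    } else {
        $deleted = $bs->deleteBookmark($bookmark['bId']);
        if (!$deleted) {
            //something really went wrong
            header('HTTP/1.0 500 Internal Server Error');
        }
    }
}
// … unchanged: XML output …
```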